projects / platform / upstream / dbus.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6ddda4e) | patch
dbus-marshal-validate: Check brackets in signature nest correctly 04/294504/1
authorSimon McVittie <smcv@collabora.com>
Tue, 13 Sep 2022 14:10:22 +0000 (15:10 +0100)
committerChanwoo Choi <cw00.choi@samsung.com>
Tue, 20 Jun 2023 08:29:35 +0000 (17:29 +0900)
commit590b03852136e9c9a4cd87470ca93a5ca945c841
treeaabfe2bf35aedb925934339ab982ec6e3da000fftree | snapshot
parent6ddda4ee3b130fcd5dbc7ab18a1a9b7c9f0f96d2commit | diff
dbus-marshal-validate: Check brackets in signature nest correctly

In debug builds with assertions enabled, a signature with incorrectly
nested `()` and `{}`, for example `a{i(u}` or `(a{ii)}`, could result
in an assertion failure.

In production builds without assertions enabled, a signature with
incorrectly nested `()` and `{}` could potentially result in a crash
or incorrect message parsing, although we do not have a concrete example
of either of these failure modes.

Thanks: Evgeny Vereshchagin
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
Resolves: CVE-2022-42010
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 9d07424e9011e3bbe535e83043d335f3093d2916)
(cherry picked from commit 3e53a785dee8d1432156188a2c4260e4cbc78c4d)
Signed-off-by: Unsung Lee <unsung.lee@samsung.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Change-Id: I94c50c8635d05a2b7e9cb9e77982551e95c3b69c
dbus/dbus-marshal-validate.c diff | blob | history
Domain: System / IPC;